feat(publick8s, privatek8s) allow NAT gateways to AKS API #596

@dduportal dduportal commented Jan 23, 2024

Ref. jenkins-infra/helpdesk#3908

This PR adds the NAT gateway public IP in the allow list for both publick8s and privatek8s to ensure all requests originating from inside the clusters (autoscaler, nodes healthchecks, API commands for kubectl logs/exec, etc.) are allowed to reach the control plane.

Signed-off-by: Damien Duportal <damien.duportal@gmail.com>
@dduportal dduportal force-pushed the feat/publick8s-privatek8s/allow-nat-gateways branch from b65e02f to f4bace3 Compare January 23, 2024 16:55
@dduportal

Local run:

# azurerm_kubernetes_cluster.publick8s will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "publick8s" {
        # (29 unchanged attributes hidden)

      ~ api_server_access_profile {
          ~ authorized_ip_ranges     = [
              + "20.22.30.74/32",
              + "20.22.30.9/32",
              + "20.65.63.127/32",
              + "20.7.192.189/32",
              + "20.85.71.108/32",
                # (12 unchanged elements hidden)
            ]
            # (1 unchanged attribute hidden)
        }

        # (5 unchanged blocks hidden)
    }

Let's roll!

@dduportal dduportal marked this pull request as ready for review January 23, 2024 16:59
@dduportal dduportal requested a review from a team as a code owner January 23, 2024 16:59
@dduportal dduportal merged commit 63e22b7 into jenkins-infra:main Jan 23, 2024
@dduportal dduportal deleted the feat/publick8s-privatek8s/allow-nat-gateways branch January 23, 2024 16:59
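
A check that could be run against such a plan before applying it, given here as an added example that is not part of the PR or of the jenkins-infra code: it extracts the ranges the plan adds to `authorized_ip_ranges` and reports any cluster egress IP that would still be blocked from the API server. The function names and the `203.0.113.10` address are constructed for illustration.

```python
import ipaddress
import re

# Excerpt of the plan output shown in the "Local run" comment.
PLAN = '''\
      ~ api_server_access_profile {
          ~ authorized_ip_ranges     = [
              + "20.22.30.74/32",
              + "20.22.30.9/32",
              + "20.65.63.127/32",
              + "20.7.192.189/32",
              + "20.85.71.108/32",
                # (12 unchanged elements hidden)
            ]
'''

# A line that adds one quoted CIDR to a list in `terraform plan` output.
ADDED_CIDR = re.compile(r'^\s*\+\s*"([0-9a-fA-F.:]+/\d+)"', re.MULTILINE)


def added_ranges(plan_text):
    """Return the CIDR ranges the plan adds, as ip_network objects."""
    return [ipaddress.ip_network(c) for c in ADDED_CIDR.findall(plan_text)]


def uncovered(egress_ips, allowed):
    """Return the egress IPs that no allowed range contains."""
    return [ip for ip in egress_ips
            if not any(ipaddress.ip_address(ip) in net for net in allowed)]


def wider_than_host(ranges):
    """Return added ranges that admit more than one address."""
    return [str(net) for net in ranges if net.num_addresses > 1]


if __name__ == "__main__":
    allowed = added_ranges(PLAN)
    # Constructed input: the five planned IPs plus one documentation-range
    # address standing in for a gateway IP that was left out of the change.
    egress = [str(n.network_address) for n in allowed] + ["203.0.113.10"]
    print("missing from allow list:", uncovered(egress, allowed))
    print("added ranges wider than /32:", wider_than_host(allowed))
```
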